Add CI tests using the standard test interface
The playbook includes Tier1 level test cases that have been tested in the following contexts and are passing reliably on Classic. Test logs are stored in the Artifacts directory. The following steps are used to execute the tests using the standard test interface: Classic sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml It's based on https://src.fedoraproject.org/rpms/policycoreutils/pull-request/1 from Merlin Mathesius <merlinm@redhat.com>
parent
3cd3d543c6
commit
4b74ff6678
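--- a/tests/CIL-modules-without-compilation/Makefile
+++ b/tests/CIL-modules-without-compilation/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+# Description: What the test does
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: What the test does" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+rhts-lint $(METADATA)
+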
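Review bot: `run` and `build` are command targets that create no file of that name, yet `.PHONY` lists only `all install download clean`, so files with those names in the test directory could make Make treat the targets as up to date and skip `./runtest.sh`; `.PHONY: all install download clean run build` closes that gap, unless `rhts-make.include` (not visible here) already declares them. The same `.PHONY` line appears in tests/load_policy/Makefile and tests/restorecon/Makefile. Separately, `Description: What the test does` is still the template placeholder in both the header comment and the generated metadata; the question asked in this test's PURPOSE file would serve as the real description.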
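--- a/tests/CIL-modules-without-compilation/PURPOSE
+++ b/tests/CIL-modules-without-compilation/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+Author: Milos Malik <mmalik@redhat.com>
+
+Is it possible to manage policy modules written in CIL without any compilation? Does semanage and semodule understand them?
+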
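--- a/tests/CIL-modules-without-compilation/runtest.sh
+++ b/tests/CIL-modules-without-compilation/runtest.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+# Description: What the test does
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm $PACKAGE
+rlRun "echo '()' > empty.cil"
+rlRun "echo '(())' > invalid.cil"
+rlPhaseEnd
+
+rlPhaseStartTest "empty CIL module"
+rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+rlRun "semodule -i empty.cil"
+rlRun "semodule -lfull | grep '400.*empty.*cil'"
+rlRun "semodule -r empty"
+rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+rlRun "semanage module -a empty.cil"
+rlRun "semanage module -l | grep 'empty.*400.*cil'"
+rlRun "semanage module -r empty"
+rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+rlPhaseEnd
+
+rlPhaseStartTest "invalid CIL module"
+rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+rlRun "semodule -i invalid.cil" 1
+rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+rlRun "semodule -r invalid" 1
+rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+rlRun "semanage module -a invalid.cil" 1
+rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+rlRun "semanage module -r invalid" 1
+rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "rm -f empty.cil invalid.cil"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+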
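Review bot: The cleanup phase removes only `empty.cil` and `invalid.cil`; if a removal step fails after `semodule -i empty.cil` or `semanage module -a empty.cil` has succeeded, the `empty` module stays in the policy store of the machine under test. Adding `rlRun "semodule -r empty" 0,1` to `rlPhaseStartCleanup` would make the teardown independent of how the test phase went. The two `.cil` files are also written to the current directory rather than a scratch directory, and the `grep '400.*empty.*cil'` patterns would match any other listed module whose line happens to contain those substrings, so anchoring the module name would tighten the assertions.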
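--- a/tests/load_policy/Makefile
+++ b/tests/load_policy/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/load_policy
+# Description: Does load_policy work as expected? Does it produce correct audit messages?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/load_policy
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does load_policy work as expected? Does it produce correct audit messages?" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: audit policycoreutils selinux-policy-targeted" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+rhts-lint $(METADATA)
+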
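Review bot: `Destructive: no` is hard to square with what this test's runtest.sh does in the same commit: it unmounts the SELinux filesystem and reloads the kernel policy on the machine under test. If the scheduler uses this field to decide whether a host can be shared or reused (an assumption, the consumer is not visible here), `Destructive: yes` looks like the safer declaration. The same field in tests/restorecon/Makefile deserves the same look, since that script switches enforcing mode, turns on a boolean and appends to `customizable_types`. At minimum, a comment above the `@echo "Destructive: no"` line should say why these state changes are considered reversible.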
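--- a/tests/load_policy/PURPOSE
+++ b/tests/load_policy/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/load_policy
+Author: Milos Malik <mmalik@redhat.com>
+
+Does load_policy work as expected? Does it produce correct audit messages?
+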
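--- a/tests/load_policy/runtest.sh
+++ b/tests/load_policy/runtest.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/load_policy
+# Description: Does load_policy work as expected? Does it produce correct audit messages?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 6 ; then
+SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "ls -l `which load_policy`"
+BINARY_POLICY=`find /etc/selinux/targeted -type f -name policy.?? | sort -n | tail -n 1`
+rlRun "ls -l ${BINARY_POLICY}"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "load_policy --xyz 2>&1 | grep \"invalid option\""
+rlRun "dmesg | grep -i selinux" 0,1
+rlRun "grep -i selinux /proc/mounts"
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "load_policy -q"
+rlRun "grep -i selinux /proc/mounts"
+sleep 1
+if rlIsRHEL ; then
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+fi
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+rlRun "umount ${SELINUX_FS_MOUNT}"
+rlRun "grep -i selinux /proc/mounts" 1
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "load_policy -i ${BINARY_POLICY}"
+rlRun "grep -i selinux /proc/mounts"
+sleep 1
+if rlIsRHEL ; then
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+fi
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+rlRun "dmesg | grep -i selinux"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+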
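Review bot: `rlPhaseStartCleanup` is empty, although the test phase runs `umount ${SELINUX_FS_MOUNT}` and relies on the following `load_policy -i ${BINARY_POLICY}` to bring the mount back. If that call fails, the host is left without selinuxfs mounted and nothing in the script repairs it. A guarded remount in cleanup, for example `rlRun "grep -q selinuxfs /proc/mounts || mount -t selinuxfs selinuxfs ${SELINUX_FS_MOUNT}"`, would restore the state regardless of the test result. The setup check `ls -l ${BINARY_POLICY}` also passes when `find` returned nothing, because it then lists the current directory; `rlAssertExists "${BINARY_POLICY}"` would catch the empty value.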
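--- a/tests/restorecon/Makefile
+++ b/tests/restorecon/Makefile
@@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/restorecon
+# Description: does restorecon work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/restorecon
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te testpolicy.fc
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh;:
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: does restorecon work correctly ?" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 15m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Requires: e2fsprogs" >> $(METADATA)
+@echo "Requires: libselinux" >> $(METADATA)
+@echo "Requires: selinux-policy-devel" >> $(METADATA)
+@echo "Requires: libselinux-utils" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+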
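Review bot: `chcon -t bin_t runtest.sh;:` in the `build` recipe throws away the exit status of `chcon`, so a failed relabel leaves no trace as a build error and the script then runs with whatever type it already had. If ignoring the failure is intended (for instance on hosts where SELinux is disabled, which is only a guess from this section), say so in a comment such as `# relabel is best-effort: chcon fails when SELinux is disabled`; otherwise drop the `;:` so the build stops. The unconditional `chmod a+x runtest.sh` also differs from the `test -x runtest.sh || chmod a+x runtest.sh` form used by the other two Makefiles in this commit.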
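--- a/tests/restorecon/PURPOSE
+++ b/tests/restorecon/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/restorecon
+Author: Milos Malik <mmalik@redhat.com>
+
+Does restorecon work correctly?
+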
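--- a/tests/restorecon/runtest.sh
+++ b/tests/restorecon/runtest.sh
@@ -0,0 +1,367 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/restorecon
+# Description: does restorecon work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlServiceStop mcstrans mcstransd
+rlRun "rpm -qf `which restorecon` | grep ${PACKAGE}"
+rlRun "setenforce 1"
+rlRun "sestatus"
+rlRun "setsebool allow_domain_fd_use on"
+rlPhaseEnd
+
+rlPhaseStartTest "Functional test"
+
+TESTDIR="/opt/restorecon_testdir"
+DIRS="correct.dir incorrect1.dir incorrect2.dir customizable.dir"
+FILES="correct.file incorrect.file customizable.file"
+
+rlRun "make -f /usr/share/selinux/devel/Makefile"
+rlRun "semodule -i testpolicy.pp"
+
+rlFileBackup /etc/selinux/targeted/contexts/customizable_types
+rlRun "echo 'customizable_t' >> /etc/selinux/targeted/contexts/customizable_types"
+
+# Here is the testing dirs and files structure
+# all the files have initial context corresponding to their names
+
+# ./
+# correct.file
+# incorrect.file
+# customizable.file
+
+# correct.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# incorrect1.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# incorrect2.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# customizable.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# Function to set initial contexts
+function set_contexts {
+# Set the intended contexts
+rlLog "Setting initial contexts of testing dirs..."
+restorecon -R $TESTDIR
+for ITEM in `find . -name 'incorrect*'`; do
+chcon -t incorrect_t $ITEM
+done
+for ITEM in `find . -name 'customizable*'`; do
+chcon -t customizable_t $ITEM
+done
+}
+
+# Check that files in dir $1 have the initial contexts
+function check_initial_contexts {
+if echo $1 | grep -q 'incorrect.dir'; then
+rlRun "ls -ladZ $1 | grep :incorrect_t"
+elif echo $1 | grep -q 'correct.dir'; then
+rlRun "ls -ladZ $1 | grep :correct_t"
+elif echo $1 | grep -q 'customizable.dir'; then
+rlRun "ls -ladZ $1 | grep :customizable_t"
+fi
+rlRun "ls -ladZ $1/* | grep '\<correct.file' | grep ':correct_t'"
+rlRun "ls -ladZ $1/* | grep '\<incorrect.file' | grep ':incorrect_t'"
+rlRun "ls -ladZ $1/* | grep '\<customizable.file' | grep ':customizable_t'"
+}
+
+# Check that files matching with $2 in dir $1 have context $3
+function check_contexts {
+COMMAND="find $1 -name '$2'"
+for ITEM in `eval $COMMAND`; do
+rlRun "ls -ladZ $ITEM | grep :$3";
+done
+}
+
+# Create the testing dirs and files
+rlRun "mkdir -p $TESTDIR"
+rlRun "pushd $TESTDIR"
+rlRun "mkdir $DIRS"
+rlRun "touch $FILES"
+for DIR in $DIRS; do
+rlRun "pushd $DIR"
+rlRun "touch $FILES"
+rlRun "popd"
+done
+
+set_contexts
+
+echo
+rlLog "Checking initial contexts of testing dirs..."
+# Check the contexts are set properly
+check_initial_contexts '.'
+check_initial_contexts 'incorrect1.dir'
+check_initial_contexts 'incorrect2.dir'
+check_initial_contexts 'correct.dir'
+check_initial_contexts 'customizable.dir'
+check_contexts '.' 'incorrect*' 'incorrect_t'
+check_contexts '.' 'correct*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+# -e directory
+# exclude a directory (repeat the option to exclude more than one directory).
+
+echo
+rlLog "-e directory"
+set_contexts
+rlRun "restorecon -RF -e $TESTDIR/incorrect2.dir $TESTDIR"
+for ITEM in `ls *.file`; do rlRun "ls -ladZ $ITEM | grep correct_t"; done
+check_contexts 'incorrect1.dir' '*' 'correct_t'
+check_contexts 'customizable.dir' '*' 'correct_t'
+check_initial_contexts 'incorrect2.dir'
+rlRun "ls -ladZ incorrect2.dir | grep incorrect_t"
+
+# -f infilename
+# infilename contains a list of files to be processed. Use - for stdin.
+
+echo
+rlLog "-f filename"
+set_contexts
+rlRun "cat > ../file_list <<EOF
+./customizable.file
+./customizable.dir
+./correct.dir/customizable.file
+./incorrect1.dir/customizable.file
+./incorrect2.dir/customizable.file
+./customizable.dir/customizable.file
+EOF"
+if rlIsRHEL 5; then chcon -t file_t ../file_list ;fi
+rlRun "restorecon -F -f ../file_list"
+check_contexts '.' 'incorrect*' 'incorrect_t'
+check_contexts '.' 'correct*' 'correct_t'
+check_contexts '.' 'customizable*' 'correct_t'
+rlRun "rm -f ../file_list"
+
+
+echo
+rlLog "-f - Input from stdin"
+set_contexts
+rlRun "echo -e 'incorrect2.dir\ncustomizable.file\nincorrect.file' | restorecon -f -"
+check_initial_contexts 'incorrect1.dir'
+check_initial_contexts 'correct.dir'
+check_initial_contexts 'customizable.dir'
+check_contexts 'incorrect2' '*' 'correct_t'
+rlRun "ls -ladZ customizable.file | grep customizable_t"
+rlRun "ls -ladZ incorrect.file | grep :correct_t"
+
+# -F Force reset of context to match file_context for customizable files, and
+# the default file context, changing the user, role, range portion as well
+# as the type.
+
+echo
+rlLog "-F Force reset of customizable types"
+set_contexts
+rlRun "restorecon -RF $TESTDIR"
+check_contexts '.' '*' 'correct_t'
+
+# This feature is from RHEL6 further
+if ! rlIsRHEL; then
+echo
+rlLog "-F Force reset of the whole context"
+set_contexts
+chcon -u staff_u *.file
+rlRun "ls -laZ correct.file | grep staff_u"
+rlRun "ls -laZ incorrect.file | grep staff_u"
+rlRun "ls -laZ customizable.file | grep staff_u"
+rlRun "restorecon -R $TESTDIR"
+rlRun "ls -laZ correct.file | grep staff_u"
+rlRun "ls -laZ incorrect.file | grep staff_u"
+rlRun "ls -laZ customizable.file | grep staff_u"
+rlRun "restorecon -RF $TESTDIR"
+rlRun "ls -laZ correct.file | grep system_u"
+rlRun "ls -laZ incorrect.file | grep system_u"
+rlRun "ls -laZ customizable.file | grep system_u"
+fi
+
+# -i ignore files that do not exist.
+
+rlRun "restorecon non-existent-file" 1-255
+rlRun "restorecon -i non-existent-file"
+
+# -n don't change any file labels (passive check).
+
+echo
+rlLog "-n dry-run"
+set_contexts
+rlRun "restorecon -RF -n $TESTDIR"
+check_contexts '.' 'incorrect*' 'incorrect_t'
+check_contexts '.' 'correct*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+# -o outfilename
+# Deprecated, SELinux policy will probably block this access. Use shell
+# redirection to save list of files with incorrect context in filename.
+
+# ----not tested yet
+
+# -R, -r change files and directories file labels recursively (descend directo‐
+# ries).
+# Note: restorecon reports warnings on paths without default labels only
+# if called non-recursively or in verbose mode.
+
+set_contexts
+rlRun "restorecon -R $TESTDIR"
+check_contexts '.' '*corr*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+# ...by default it does not operate recursively on directories
+
+set_contexts
+rlRun "restorecon $TESTDIR"
+check_initial_contexts 'incorrect1.dir'
+check_initial_contexts 'incorrect2.dir'
+check_initial_contexts 'correct.dir'
+check_initial_contexts 'customizable.dir'
+rlRun "ls -ladZ customizable.file | grep customizable_t"
+rlRun "ls -ladZ incorrect.file | grep :incorrect_t"
+rlRun "ls -ladZ correct.file | grep :correct_t"
+
+# -v show changes in file labels, if type or role are going to be changed.
+
+# ----not tested yet
+
+# -0 option is not present in RHEL5
+if ! rlIsRHEL 5; then
+# -0 the separator for the input items is assumed to be the null character
+# (instead of the white space). The quotes and the backslash characters
+# are also treated as normal characters that can form valid input. This
+# option finally also disables the end of file string, which is treated
+# like any other argument. Useful when input items might contain white
+# space, quote marks or backslashes. The -print0 option of GNU find pro‐
+# duces input suitable for this mode.
+
+echo
+rlLog "-0"
+set_contexts
+rlRun "find . -print0 | restorecon -f - -0"
+check_contexts '.' '*corr*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+echo
+rlLog "-0 with -F"
+set_contexts
+rlRun "find . -print0 | restorecon -F -f - -0"
+check_contexts '.' '*' 'correct_t'
+
+fi
+
+# If a file object does not have a context, restorecon will write the default
+# context to the file object's extended attributes.
+
+# ----not tested yet
+
+
+# Cleanup
+
+rlRun "popd"
+rlRun "rm -rf /opt/restorecon_testdir"
+rlFileRestore
+rlRun "semodule -r testpolicy"
+rlPhaseEnd
+
+# This is RFE from RHEL6 and further versions
+if ! rlIsRHEL 5;then
+rlPhaseStartTest
+# META-Fixed-In: policycoreutils-2.0.83-19.14.el6
+rlRun "pushd /root"
+rlRun "touch test-file"
+rlRun "mkdir test-dir"
+for ITEM in "test-file" "test-dir" ; do
+rlRun "chcon -u staff_u -t shadow_t -l s0:c1 ${ITEM}"
+rlRun "ls -dZ ${ITEM} | grep staff_u:object_r:shadow_t:s0:c1"
+rlRun "restorecon -v ${ITEM}" 0,1
+rlRun "ls -dZ ${ITEM} | grep staff_u:object_r:admin_home_t:s0:c1"
+rlRun "restorecon -F -v ${ITEM}" 0,1
+rlRun "ls -dZ ${ITEM} | grep system_u:object_r:admin_home_t:s0"
+done
+rlRun "rm -rf test-dir"
+rlRun "rm -f test-file"
+rlRun "popd"
+rlPhaseEnd
+fi
+
+rlPhaseStartTest
+# META-Fixed-In: policycoreutils-2.0.83-19.16.el6
+rlRun "pushd /root"
+rlRun "touch test-file"
+rlRun "mkdir test-dir"
+for ITEM in "test-file" "test-dir" ; do
+rlRun "chcon -t tmp_t ${ITEM}"
+rlRun "ls -dZ ${ITEM}"
+rlRun "chattr +i ${ITEM}"
+rlRun "restorecon -v ${ITEM}" 1-255
+rlRun "chattr -i ${ITEM}"
+rlRun "ls -dZ ${ITEM}"
+rlRun "restorecon -v ${ITEM}"
+rlRun "ls -dZ ${ITEM}"
+done
+rlRun "rm -rf test-dir"
+rlRun "rm -f test-file"
+rlRun "popd"
+rlPhaseEnd
+
+# The bug was closed as NEXTRELEASE for RHEL5
+if ! rlIsRHEL 5; then
+rlPhaseStartTest
+rlRun "touch ~/test-file"
+rlRun "restorecon -vF ~/test-file"
+rlRun "restorecon -vF ~/test-file | grep \"reset.*context\"" 1
+rlRun "rm -f ~/test-file"
+
+rlRun "mkdir ~/test-dir"
+rlRun "restorecon -vF ~/test-dir"
+rlRun "restorecon -vF ~/test-dir | grep \"reset.*context\"" 1
+rlRun "rm -rf ~/test-dir"
+rlPhaseEnd
+fi
+
+rlPhaseStartCleanup
+rlServiceRestore mcstrans mcstransd
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+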
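Review bot: The setup phase runs `setenforce 1` and `setsebool allow_domain_fd_use on` without recording the previous values, and `rlPhaseStartCleanup` only restores the mcstrans service, so the host keeps the changed enforcing mode and boolean after the test. Saving both in setup (`ORIG_ENFORCE=$(getenforce)` plus the output of `getsebool allow_domain_fd_use`) and putting them back in cleanup would leave the machine as the test found it. The removal of `/opt/restorecon_testdir`, `rlFileRestore` and `semodule -r testpolicy` sit at the end of the functional test phase rather than in cleanup, and the two sourcing lines lack the `|| exit 1` that the other scripts in this commit use. Also, the block commented `This feature is from RHEL6 further` is guarded by `if ! rlIsRHEL; then`, which skips it on every RHEL release; `if ! rlIsRHEL 5; then`, as used later in the file, looks like what was meant.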
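--- a/tests/restorecon/testpolicy.fc
+++ b/tests/restorecon/testpolicy.fc
@@ -0,0 +1,2 @@
+/opt/restorecon_testdir(/.*)? system_u:object_r:correct_t:s0
+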
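--- a/tests/restorecon/testpolicy.te
+++ b/tests/restorecon/testpolicy.te
@@ -0,0 +1,19 @@
+policy_module(testpolicy, 1.0)
+
+require {
+attribute domain;
+type fs_t;
+}
+
+type correct_t;
+files_type(correct_t)
+type incorrect_t;
+files_type(incorrect_t)
+type customizable_t;
+files_type(customizable_t)
+
+
+#allow domain correct_t:dir relabelto;
+#allow correct_t fs_t:filesystem associate;
+
+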
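Review bot: The `require` block declares `attribute domain` and `type fs_t`, but the only rules that use them are the two commented-out `allow` lines at the end of the file, so the module carries dead requirements next to dead rules. A reader cannot tell whether withholding `relabelto` and `associate` is deliberate for the restorecon test or a leftover from debugging. Either delete the `require` block together with the two commented lines, or keep them under a comment that states the intent, e.g. `# relabelto/associate are intentionally not granted; see runtest.sh`.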
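--- a/tests/semanage-interface/Makefile
+++ b/tests/semanage-interface/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-interface
+# Description: Does semanage interface ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-interface
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does semanage interface ... work correctly?" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 20m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+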
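Review bot: In the `build` recipe the second line, `test -x runtest.sh || chcon -t bin_t runtest.sh`, can never reach `chcon`: either the script was already executable, or the line above has just made it so with `chmod a+x`. If the `bin_t` label is wanted, run it unguarded and tolerate hosts without SELinux, as tests/semanage-permissive-d-problems/Makefile does with `chcon -t bin_t runtest.sh; :`; if it is not wanted, drop the line. tests/semanage-login/Makefile contains the same two lines. `run` and `build` have recipes but are not listed in `.PHONY: all install download clean`, so a stray file with either name would silently skip them.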
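--- a/tests/semanage-interface/PURPOSE
+++ b/tests/semanage-interface/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-interface
+Description: Does semanage interface ... work correctly?
+Author: Milos Malik <mmalik@redhat.com>
+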
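--- a/tests/semanage-interface/runtest.sh
+++ b/tests/semanage-interface/runtest.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-interface
+# Description: Does semanage interface ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage interface --help" 0,1
+for POLICY_TYPE in minimum mls targeted ; do
+if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+continue
+fi
+rlRun "semanage interface -l -S ${POLICY_TYPE}"
+done
+if ! rlIsRHEL 5; then
+rlRun "semanage interface -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+fi
+rlRun "semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'"
+rlRun "semanage interface -m xyz" 1,2
+rlRun "semanage interface -d xyz" 1
+rlRun "semanage interface -a -t netif_t xyz"
+if rlIsRHEL 5 6; then
+rlRun "semanage interface -m -r s0 xyz"
+else
+rlRun "semanage interface -m -t netif_t -r s0 xyz"
+fi
+rlRun "semanage interface -l | grep \"xyz.*:netif_t:s0\""
+rlRun "semanage interface -d xyz"
+rlRun "semanage interface -l | grep xyz" 1
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+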
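Review bot: `rlPhaseStartCleanup` is empty, so the policy-store change made by `semanage interface -a -t netif_t xyz` is undone only by the later `semanage interface -d xyz` in the test phase, which is itself one of the operations under test. If that delete fails, the `xyz` record stays in the host's policy store after the run. A tolerant removal in cleanup, e.g. `rlRun "semanage interface -d xyz" 0-255`, restores the host whatever the test result. The same pattern is in tests/semanage-login/runtest.sh, and in tests/semanage-permissive-d-problems/runtest.sh, where the leftover would be `fenced_t`, `ypbind_t` or `ypserv_t` still in permissive mode.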
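--- a/tests/semanage-login/Makefile
+++ b/tests/semanage-login/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-login
+# Description: Does semanage login ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-login
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does semanage login ... work correctly?" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 10m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-python-utils grep shadow-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+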
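--- a/tests/semanage-login/PURPOSE
+++ b/tests/semanage-login/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-login
+Description: Does semanage login ... work correctly?
+Author: Milos Malik <mmalik@redhat.com>
+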
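--- a/tests/semanage-login/runtest.sh
+++ b/tests/semanage-login/runtest.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-login
+# Description: Does semanage login ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage login --help" 0,1
+for POLICY_TYPE in minimum mls targeted ; do
+if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+continue
+fi
+rlRun "semanage login -l -S ${POLICY_TYPE}"
+done
+if ! rlIsRHEL 5; then
+rlRun "semanage login -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+fi
+rlRun "semanage login -a -s xyz_u xyz 2>&1 | grep -i -e 'does not exist' -e 'mapping.*invalid' -e 'could not query'"
+rlRun "semanage login -m xyz" 1
+rlRun "semanage login -d xyz" 1
+rlRun "useradd xyz"
+rlRun "semanage login -a -s user_u xyz"
+rlRun "semanage login -m -r s0 xyz"
+rlRun "semanage login -l | grep \"xyz.*user_u.*s0\""
+rlRun "semanage login -d xyz"
+rlRun "semanage login -l | grep xyz" 1
+rlRun "userdel -rf xyz"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+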
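Review bot: `rlRun "userdel -rf xyz"` runs whether or not the earlier `rlRun "useradd xyz"` actually created the account, because a failed `rlRun` only records the failure and the script carries on. On a host that already has a user named `xyz`, the test would therefore remove that account and its home directory, although the Makefile declares `Destructive: no`. Stop in setup when the name is taken, e.g. `id xyz &>/dev/null && rlDie "user xyz already exists"`, or use a name that is specific to this test. Moving the `userdel` into `rlPhaseStartCleanup` would also keep the account from outliving an aborted run.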
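--- a/tests/semanage-permissive-d-problems/Makefile
+++ b/tests/semanage-permissive-d-problems/Makefile
@@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh; :
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: semanage permissive -d accepts more than domain types, its behavior is not reliable" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 20m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils-python-utils" >> $(METADATA)
+@echo "Requires: policycoreutils-devel" >> $(METADATA)
+@echo "Requires: selinux-policy-devel" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Requires: coreutils" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHELServer5 -RHELClient5" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+
+rhts-lint $(METADATA)
+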
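--- a/tests/semanage-permissive-d-problems/PURPOSE
+++ b/tests/semanage-permissive-d-problems/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+Author: Milos Malik <mmalik@redhat.com>
+
+Does semanage permissive work correctly?
+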
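--- a/tests/semanage-permissive-d-problems/runtest.sh
+++ b/tests/semanage-permissive-d-problems/runtest.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "rpm -qf /usr/sbin/semanage"
+OUTPUT_FILE=`mktemp`
+rlRun "sestatus"
+rlPhaseEnd
+
+if selinuxenabled ; then
+rlPhaseStartTest
+if rlIsRHEL 7 ; then
+rlFileBackup /usr/share/selinux/default/Makefile
+rlRun "rm -rf /usr/share/selinux/default/Makefile"
+fi
+rlRun "semanage permissive -l | grep fenced" 1
+rlRun "semanage permissive -a fenced_t"
+rlRun "semanage permissive -l | grep fenced"
+rlRun "semanage permissive -d fenced_t"
+rlRun "semanage permissive -l | grep fenced" 1
+if rlIsRHEL 7 ; then
+rlFileRestore
+fi
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
+rlRun "semanage permissive -a ypbind_t"
+rlRun "semanage permissive -a ypserv_t"
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
+rlRun "semanage permissive -d yp" 1-255
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
+rlRun "semanage permissive -d ypbind_t"
+rlRun "semanage permissive -d ypserv_t"
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun -s "semanage permissive -d" 1
+rlAssertNotGrep 'traceback' $rlRun_LOG -iEq
+rlAssertGrep 'error: the following argument is required: type' $rlRun_LOG -iEq
+rm -f $rlRun_LOG
+rlPhaseEnd
+else
+rlPhaseStartTest
+rlRun "semanage permissive -l >& ${OUTPUT_FILE}" 0,1
+rlRun "grep -C 32 -i -e exception -e traceback -e error ${OUTPUT_FILE}" 1
+rlPhaseEnd
+fi
+
+rlPhaseStartCleanup
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+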
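Review bot: The two sourcing lines, `. /usr/bin/rhts-environment.sh` and `. /usr/share/beakerlib/beakerlib.sh`, have no `|| exit 1`, unlike the other runtest.sh files added in this commit. If beakerlib is missing, the script keeps going with every `rl*` call undefined instead of stopping at once. Write them as `. /usr/bin/rhts-environment.sh || exit 1` and `. /usr/share/beakerlib/beakerlib.sh || exit 1`. On RHEL 7 the first test phase also removes `/usr/share/selinux/default/Makefile` and restores it with `rlFileRestore` inside the same phase; doing the restore in `rlPhaseStartCleanup` would be easier to audit against the Makefile's `Destructive: no`.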
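--- a/tests/semanage-port-add-delete-problems/Makefile
+++ b/tests/semanage-port-add-delete-problems/Makefile
@@ -0,0 +1,71 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+# Description: semanage accepts invalid port numbers and then cannot delete them
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh;:
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: semanage accepts invalid port numbers and then cannot delete them" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 15m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils-python-utils" >> $(METADATA)
+@echo "Requires: setools-console" >> $(METADATA)
+@echo "Requires: libselinux" >> $(METADATA)
+@echo "Requires: libselinux-utils" >> $(METADATA)
+@echo "Requires: coreutils" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+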
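--- a/tests/semanage-port-add-delete-problems/PURPOSE
+++ b/tests/semanage-port-add-delete-problems/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+Author: Milos Malik <mmalik@redhat.com>
+
+semanage accepts invalid port numbers and then cannot delete them
+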
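--- a/tests/semanage-port-add-delete-problems/runtest.sh
+++ b/tests/semanage-port-add-delete-problems/runtest.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+# Description: semanage accepts invalid port numbers and then cannot delete them
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+PORT_NAME="ldap_port_t"
+BAD_PORT_NUMBER="123456"
+GOOD_PORT_NUMBER="1389"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "rpm -qf /usr/sbin/semanage"
+rlRun "rpm -qf /usr/bin/seinfo"
+OUTPUT_FILE=`mktemp`
+rlRun "setenforce 1"
+rlRun "sestatus"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage port -l | grep ${PORT_NAME}"
+
+rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
+rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
+rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+#rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"
+
+rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
+rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
+rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}"
+rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
+rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
+rlRun "semanage port -l | grep syslogd_port_t"
+rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
+rlPhaseEnd
+
+if rlIsRHEL ; then
+rlPhaseStartTest
+rlRun "ps -efZ | grep -v grep | grep \"auditd_t.*auditd\""
+if rlIsRHEL 5 6; then
+PORT_TYPE="syslogd_port_t"
+else
+PORT_TYPE="commplex_link_port_t"
+fi
+
+# adding a port number to a type
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005"
+sleep 2
+
+# Check for user_avc
+rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
+LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
+rlRun "cat ${OUTPUT_FILE}"
+rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
+
+# deleting a port number from a type
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005"
+sleep 2
+
+# Check for user_avc
+rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
+LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
+rlRun "cat ${OUTPUT_FILE}"
+rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
+rlPhaseEnd
+fi
+
+if ! rlIsRHEL 5 ; then
+rlPhaseStartTest
+rlRun "seinfo --portcon | grep :hi_reserved_port_t:"
+rlRun "seinfo --portcon | grep :reserved_port_t:"
+rlRun "semanage port -l | grep ^hi_reserved_port_t"
+rlRun "semanage port -l | grep ^reserved_port_t"
+if ! rlIsRHEL 6 ; then
+rlRun "seinfo --portcon | grep :unreserved_port_t:"
+rlRun "semanage port -l | grep ^unreserved_port_t"
+fi
+rlPhaseEnd
+fi
+
+rlPhaseStartTest "manipulation with hard-wired ports"
+rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
+rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
+rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
+rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
+rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+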
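Review bot: Setup runs `rlRun "setenforce 1"`, but the cleanup phase only removes `${OUTPUT_FILE}`, so a host that started in permissive mode is left in a different enforcement state than the test found it. Record the mode before changing it, `ORIG_MODE=$(getenforce)`, and put it back in cleanup with `rlRun "setenforce ${ORIG_MODE}"`. Separately, both `ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}` checks accept exit status 1 and count only stdout. Presumably a run in which ausearch rejected the hard-coded `%m/%d/%Y %T` timestamp, or could not read the audit log, would pass exactly like a run with no `user_avc` records. Capturing stderr and asserting that it holds no error would make a clean result distinguishable from a failed search.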
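--- a/tests/semanage-user/Makefile
+++ b/tests/semanage-user/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-user
+# Description: Does semanage user ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-user
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does semanage user ... work correctly?" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 20m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-devel selinux-policy-minimum selinux-policy-mls selinux-policy-targeted selinux-policy-devel" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+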
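Review bot: The `chcon -t bin_t runtest.sh` in the `build` recipe can never take effect: when the second `test -x runtest.sh ||` is evaluated, the script was either already executable or has just been made so by the line above, so the test succeeds and the relabel is skipped. If the label matters for the run, make the line unconditional, `chcon -t bin_t runtest.sh`, as the sestatus and setsebool Makefiles in this commit do; if it does not, drop the line. `run` and `build` are not listed in `.PHONY`, and `selinux-policy-devel` appears twice in the `Requires:` line.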
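--- a/tests/semanage-user/PURPOSE
+++ b/tests/semanage-user/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-user
+Description: Does semanage user ... work correctly?
+Author: Milos Malik <mmalik@redhat.com>
+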
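--- a/tests/semanage-user/runtest.sh
+++ b/tests/semanage-user/runtest.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-user
+# Description: Does semanage user ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "make -f /usr/share/selinux/devel/Makefile"
+rlRun "ls -l testpolicy.pp"
+rlPhaseEnd
+
+rlPhaseStartTest
+if rlIsRHEL 5 6; then
+rlRun "semanage user --help" 1
+else
+rlRun "semanage user --help" 0
+# semanage: list option can not be used with --level ("semanage user -l")
+rlRun "semanage user --help | grep fcontext" 1
+fi
+for POLICY_TYPE in minimum mls targeted ; do
+if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+continue
+fi
+rlRun "semanage user -l -S ${POLICY_TYPE}"
+done
+if ! rlIsRHEL 5; then
+rlRun "semanage user -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+fi
+rlRun "semanage user -a -P user -R xyz_r xyz_u 2>&1 | grep -i -e 'undefined' -e 'error' -e 'could not'"
+rlRun "semanage user -m xyz_u" 1
+rlRun "semanage user -d xyz_u" 1
+rlRun "semodule -i testpolicy.pp"
+rlRun "semanage user -a -P user -R xyz_r xyz_u"
+rlRun "semanage user -m -r s0 xyz_u"
+rlRun "semanage user -l | grep \"xyz_u.*s0.*s0.*xyz_r\""
+rlRun "semanage user -d xyz_u"
+rlRun "semanage user -l | grep xyz_u" 1
+rlRun "semodule -r testpolicy"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "rm -rf tmp testpolicy.{fc,if,pp}"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+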
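Review bot: The `testpolicy` module and the `xyz_u` SELinux user are removed only inside the test phase, and the cleanup phase deletes nothing but build artefacts. If `semanage user -d xyz_u` fails, or the run is interrupted after `semodule -i testpolicy.pp`, the host keeps the extra policy module and user although the Makefile declares `Destructive: no`. I would repeat the removals in rlPhaseStartCleanup with a tolerant exit range, as sepolicy-generate/runtest.sh already does: `rlRun "semanage user -d xyz_u" 0-255` and `rlRun "semodule -r testpolicy" 0-255`. The comment about `--level` above the `grep fcontext` check does not describe that check and should say what the grep is guarding against.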
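--- a/tests/semanage-user/testpolicy.te
+++ b/tests/semanage-user/testpolicy.te
@@ -0,0 +1,11 @@
+module testpolicy 1.0;
+
+type xyz_t;
+role xyz_r;
+
+require {
+type xyz_t;
+}
+
+role xyz_r types xyz_t;
+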
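--- a/tests/sepolicy-generate/Makefile
+++ b/tests/sepolicy-generate/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka <mtruneck@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sepolicy-generate
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Michal Trunecka <mtruneck@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: sepolicy generate sanity test" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 115m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-devel rpm-build" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHEL5 -RHEL6" >> $(METADATA)
+
+rhts-lint $(METADATA)
+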
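--- a/tests/sepolicy-generate/PURPOSE
+++ b/tests/sepolicy-generate/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+Description: sepolicy generate sanity test
+Author: Michal Trunecka <mtruneck@redhat.com>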
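--- a/tests/sepolicy-generate/runtest.sh
+++ b/tests/sepolicy-generate/runtest.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka <mtruneck@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlRun "rlCheckRequirements ${PACKAGES[*]}" || rlDie "cannot continue"
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "mkdir mypolicy"
+rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"
+rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"
+rlRun "rm -rf mypolicy"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "mkdir mypolicy"
+rlRun "touch /usr/bin/testpolicy"
+for VARIANT in " -n testpolicy --admin_user -r webadm_r" \
+" --application /usr/bin/testpolicy " \
+" -n testpolicy --confined_admin -a firewalld " \
+" -n testpolicy --confined_admin " \
+" -n testpolicy --customize -d httpd_t -a firewalld " \
+" -n testpolicy --customize -d httpd_t" \
+" --dbus /usr/bin/testpolicy " \
+" -n testpolicy --desktop_user " \
+" --inetd /usr/bin/testpolicy " \
+" --init /usr/bin/testpolicy " \
+" -n testpolicy --newtype -t newtype_var_log_t " \
+" -n testpolicy --newtype -t newtype_unit_file_t " \
+" -n testpolicy --newtype -t newtype_var_run_t " \
+" -n testpolicy --newtype -t newtype_var_cache_t " \
+" -n testpolicy --newtype -t newtype_tmp_t " \
+" -n testpolicy --newtype -t newtype_port_t " \
+" -n testpolicy --newtype -t newtype_var_spool_t " \
+" -n testpolicy --newtype -t newtype_var_lib_t " \
+" -n testpolicy --sandbox " \
+" -n testpolicy --term_user " \
+" -n testpolicy --x_user "
+# " --cgi /usr/bin/testpolicy "
+do
+rlRun "sepolicy generate -p mypolicy $VARIANT"
+rlRun "cat mypolicy/testpolicy.te"
+rlRun "cat mypolicy/testpolicy.if"
+rlRun "cat mypolicy/testpolicy.fc"
+if echo "$VARIANT" | grep -q newtype; then
+rlAssertNotExists "mypolicy/testpolicy.sh"
+rlAssertNotExists "mypolicy/testpolicy.spec"
+else
+rlRun "mypolicy/testpolicy.sh"
+rlRun "semodule -l | grep testpolicy"
+rlRun "semanage user -d testpolicy_u" 0-255
+rlRun "semodule -r testpolicy"
+fi
+
+rlRun "rm -rf mypolicy/*"
+rlRun "sleep 1"
+
+if ! echo "$VARIANT" | grep -q newtype; then
+rlRun "sepolicy generate -p mypolicy -w /home $VARIANT"
+rlRun "cat mypolicy/testpolicy.te"
+rlRun "cat mypolicy/testpolicy.if"
+rlRun "cat mypolicy/testpolicy.fc"
+
+rlRun "mypolicy/testpolicy.sh"
+rlRun "semodule -l | grep testpolicy"
+rlRun "semanage user -d testpolicy_u" 0-255
+rlRun "semodule -r testpolicy"
+
+rlRun "rm -rf mypolicy/*"
+rlRun "sleep 1"
+fi
+done
+rlRun "rm -rf mypolicy"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd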
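Review bot: `rlCheckRequirements ${PACKAGES[*]}` in the setup phase expands an array this script never defines (only `PACKAGE` is set), so the check is given no package names and cannot catch a missing `policycoreutils-devel` or `rpm-build`. Define `PACKAGES=(policycoreutils policycoreutils-devel rpm-build)` next to `PACKAGE`, or pass `${PACKAGE}`. The second test phase also creates `/usr/bin/testpolicy` and nothing removes it, so the cleanup phase should include `rlRun "rm -f /usr/bin/testpolicy"`. Each non-newtype loop iteration executes the generated `mypolicy/testpolicy.sh` and loads a policy module; a short comment above the loop stating that would help anyone deciding which hosts this test may run on.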
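--- a/tests/sestatus/Makefile
+++ b/tests/sestatus/Makefile
@@ -0,0 +1,67 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sestatus
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: tests everything about sestatus" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Requires: man" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+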
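--- a/tests/sestatus/PURPOSE
+++ b/tests/sestatus/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sestatus
+Description: tests everything about sestatus
+Author: Milos Malik <mmalik@redhat.com>
+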
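--- a/tests/sestatus/runtest.sh
+++ b/tests/sestatus/runtest.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 5 6 ; then
+SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlFileBackup /etc/sestatus.conf
+rlRun "mount | grep -i selinux" 0,1
+OUTPUT_FILE=`mktemp`
+rlPhaseEnd
+
+rlPhaseStartTest "basic use"
+rlRun "sestatus"
+rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "policy booleans" ${OUTPUT_FILE} -i
+rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "process contexts" ${OUTPUT_FILE} -i
+rlAssertGrep "file contexts" ${OUTPUT_FILE} -i
+rlAssertGrep "current context" ${OUTPUT_FILE} -i
+rlAssertGrep "init context" ${OUTPUT_FILE} -i
+rlAssertGrep "controlling term" ${OUTPUT_FILE} -i
+rlRun "sestatus --xyz 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "invalid option" ${OUTPUT_FILE} -i
+rlPhaseEnd
+
+rlPhaseStartTest "extreme cases"
+# pretend that the config file contains an invalid section
+rlRun "sed -i 's/files/xyz/' /etc/sestatus.conf"
+rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "line not in a section" ${OUTPUT_FILE} -i
+rlRun "rm -f /etc/sestatus.conf"
+rlRun "mkdir /etc/sestatus.conf" # intentionally replaced a file with a directory
+rlRun "sestatus -v"
+# pretend that the config file is missing
+rlRun "rm -rf /etc/sestatus.conf"
+for OPTION in "-bv" "-v" ; do
+rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "unable to open /etc/sestatus.conf" ${OUTPUT_FILE} -i
+done
+rlFileRestore
+# pretend that SELinux is disabled
+rlRun "umount ${SELINUX_FS_MOUNT}"
+for OPTION in "" "-b" "-v" "-bv" ; do
+rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i
+done
+rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"
+# pretend that no booleans are defined
+rlRun "mkdir ./booleans"
+rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+rlAssertNotGrep "booleans" ${OUTPUT_FILE} -i
+rlRun "rmdir ./booleans"
+rlPhaseEnd
+
+# This bug is not worth fixing in RHEL-5
+if ! rlIsRHEL 5 ; then
+rlPhaseStartTest
+rlRun "rpm -ql ${PACKAGE} | grep /usr/sbin/sestatus"
+rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/man8/sestatus.8"
+for OPTION in b v ; do
+rlRun "sestatus --help 2>&1 | grep -- -${OPTION}"
+rlRun "man sestatus | col -b | grep -- -${OPTION}"
+done
+if ! rlIsRHEL 6 ; then
+rlRun "man -w sestatus.conf"
+fi
+rlPhaseEnd
+fi
+
+rlPhaseStartCleanup
+rlFileRestore
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+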
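Review bot: The "extreme cases" phase unmounts selinuxfs and depends on a single `rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"` later in the same phase to restore it. rlRun only records a failure and the script carries on, so a failed remount or an interrupted run leaves the host without selinuxfs mounted, while the Makefile declares `Destructive: no`. The cleanup phase should verify and repair this, for example `mountpoint -q ${SELINUX_FS_MOUNT} || rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"`, and should likewise undo the bind mount over `${SELINUX_FS_MOUNT}/booleans` and remove `./booleans` if they are still present. For consistency with the other runtest.sh files in this commit, the two `.` includes at the top should end in `|| exit 1`.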
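--- a/tests/setsebool/Makefile
+++ b/tests/setsebool/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/setsebool
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: does setsebool work correctly ?" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 45m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: audit policycoreutils libselinux-utils shadow-utils grep" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+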
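--- a/tests/setsebool/PURPOSE
+++ b/tests/setsebool/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/setsebool
+Author: Milos Malik <mmalik@redhat.com>
+
+Does setsebool work as expected? Does it produce correct audit messages?
+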
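--- a/tests/setsebool/runtest.sh
+++ b/tests/setsebool/runtest.sh
@@ -0,0 +1,151 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+USER_NAME="user${RANDOM}"
+USER_SECRET="s3kr3t${RANDOM}"
+BOOLEAN="ftpd_connect_db"
+if rlIsRHEL 5 6 ; then
+SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+OUTPUT_FILE=`mktemp`
+chcon -t tmp_t ${OUTPUT_FILE}
+
+rlRun "useradd ${USER_NAME}"
+rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"
+rlPhaseEnd
+
+rlPhaseStartTest
+for OPTION in "" "-P" ; do
+for OPERATOR in " " "=" ; do
+for VALUE in 0 1 false true off on ; do
+rlRun "setsebool ${OPTION} ${BOOLEAN}${OPERATOR}${VALUE} | grep -i -e illegal -e usage -e invalid" 1
+if [ ${VALUE} == "0" -o ${VALUE} == "false" ] ; then
+SHOWN_VALUE="off"
+elif [ ${VALUE} == "1" -o ${VALUE} == "true" ] ; then
+SHOWN_VALUE="on"
+else
+SHOWN_VALUE=${VALUE}
+fi
+rlRun "getsebool -a | grep \"^${BOOLEAN}.*${SHOWN_VALUE}\""
+done
+done
+done
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "setsebool" 1
+rlRun "setsebool xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+rlRun "setsebool xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+rlRun "setsebool xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+if ! rlIsRHEL 5 6 ; then
+rlRun "setsebool -N 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+rlRun "setsebool -P 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+fi
+rlRun "setsebool -P xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+rlRun "setsebool -P xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+rlRun "setsebool -P xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+rlPhaseEnd
+
+if ! rlIsRHEL 5 6 ; then
+rlPhaseStartTest
+rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlPhaseEnd
+
+rlPhaseStartTest
+for OPTION in "" "-P" ; do
+rlRun "getsebool allow_ypbind | grep nis_enabled"
+rlRun "setsebool ${OPTION} allow_ypbind on"
+rlRun "getsebool allow_ypbind | grep \"nis_enabled.*on\""
+rlRun "setsebool ${OPTION} allow_ypbind off"
+rlRun "getsebool allow_ypbind | grep \"nis_enabled.*off\""
+done
+rlPhaseEnd
+
+rlPhaseStartTest
+# https://fedoraproject.org/wiki/Features/SELinuxBooleansRename
+for LINE in `cat /etc/selinux/*/booleans.subs_dist | sort | uniq | tr -s ' ' | tr ' ' ':'` ; do
+OLD_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 1`
+NEW_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 2`
+rlRun "getsebool ${OLD_BOOLEAN_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlRun "getsebool ${NEW_BOOLEAN_NAME} 2>&1 | tee -a ${OUTPUT_FILE}"
+rlRun "uniq -c ${OUTPUT_FILE} | grep '2 '"
+done
+rlPhaseEnd
+fi
+
+rlPhaseStartTest "audit messages"
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "setsebool ${BOOLEAN} on"
+rlRun "setsebool ${BOOLEAN} off"
+rlRun "setsebool ${BOOLEAN} on"
+sleep 1
+rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=1 old_val=0\""
+rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=0 old_val=1\""
+if rlIsRHEL ; then
+rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=SYSCALL.*comm=setsebool\""
+fi
+rlPhaseEnd
+
+rlPhaseStartTest "extreme cases"
+# pretend that no booleans are defined
+rlRun "mkdir ./booleans"
+rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+rlRun "setsebool ${BOOLEAN} on 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+rlRun "setsebool ${BOOLEAN} off 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+rlRun "rmdir ./booleans"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "userdel -rf ${USER_NAME}"
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+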
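Review bot: `rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"` in the setup phase writes the cleartext password into the BeakerLib journal and the stored test artifacts, because rlRun logs the expanded command, and the value varies only by the 15 bits of `${RANDOM}`. Nothing later authenticates as that user (the `su -l -c` calls are issued by the test itself), so the line and `USER_SECRET` can be dropped, which should leave the account without a usable password for the duration of the run. Separately, the first test phase ends with `setsebool -P ${BOOLEAN}=on`, the audit phase ends with `setsebool ${BOOLEAN} on`, and cleanup never restores the original value, so `ftpd_connect_db` stays enabled persistently on a host the Makefile describes as `Destructive: no`. Record the value with `getsebool ${BOOLEAN}` in setup and reset it with `setsebool -P` in cleanup.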
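--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -0,0 +1,45 @@
+---
+# Tests to run in a classic environment
+- hosts: localhost
+roles:
+- role: standard-test-beakerlib
+tags:
+- classic
+tests:
+- CIL-modules-without-compilation
+- semanage-interface
+- semanage-login
+- semanage-permissive-d-problems
+- semanage-port-add-delete-problems
+- semanage-user
+- sestatus
+required_packages:
+- policycoreutils # Required by all tests
+- policycoreutils-devel # Required by sepolicy-generate
+- rpm-build # Required by sepolicy-generate
+- policycoreutils-python-utils # Required by semanage tests
+- grep # Required by semanage tests
+- selinux-policy-minimum # Required by semanage tests
+- selinux-policy-mls # Required by semanage tests
+- selinux-policy-targeted # Required by semanage tests
+- shadow-utils # Required by semanage tests
+- selinux-policy-devel # Required by semanage tests
+- coreutils # Required by semanage tests
+- man # Required by semanage tests
+- setools-console # Required by semanage tests
+- libselinux # Required by semanage tests
+- libselinux-utils # Required by semanage tests
+- audit # Required by audit test
+- e2fsprogs # Required by restorecon test
+
+# Tests for atomic host
+- hosts: localhost
+tags:
+- atomic
+# no compatible tests
+
+# Tests for docker container
+- hosts: localhost
+tags:
+- container
+# no compatible tests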
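Review bot: The `tests:` list leaves out `sepolicy-generate` and `setsebool`, although this commit adds both directories and `required_packages` carries entries annotated "Required by sepolicy-generate"; as written the `classic` play never executes those two tests. If the omission is deliberate, for instance because they change host state, say so in a comment next to the list; otherwise add `- sepolicy-generate` and `- setsebool`. The tests that are listed unmount selinuxfs and install policy modules on `localhost`, so a header comment stating that the playbook is meant for a disposable test machine would be worth adding.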